01 August, 2014

# Secure Remote Management

- Password Length
- Local Privilege 15 User
- Hide Plain Text Passwords
- SSH Support
- CCP Support
- ACLs For MGMT, Access
- Slowing Brute Force Attacks
- Clipping Failed Login Attempts

! Change hostname
R2(config)#hostname R1

! Set Domain Name
R1(config)#ip domain-name ITTSM.BLOGSPOT.COM

! Configure minimum length 
R1(config)#security passwords min-length 6

! Verify
R1(config)#username admin privilege 15 secret cisco
% Password too short - must be at least 6 characters. Password configuration failed

R1(config)#username admin privilege 15 secret cisco123

! Configure password encryption (type 7 encoding of plain-text passwords in the config)
R1(config)#service password-encryption

! Generate RSA Key for SSH
R1(config)#crypto key generate rsa modulus 2048 label Our-RSA-Keys
The name for the keys will be: Our-RSA-Keys

% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]

! Configure SSH version 2
R1(config)#ip ssh version 2

! Specify SSH time-out interval
R1(config)#ip ssh time-out 30

! Configure Number of authentication retries
R1(config)#ip ssh authentication-retries 5

! Verify 
R1#show crypto key mypubkey rsa
% Key pair was generated at: 15:26:48 UTC Aug 1 2014
Key name: Our-RSA-Keys
 Storage Device: not specified
 Usage: General Purpose Key
 Key is not exportable.
 Key Data:
% Key pair was generated at: 15:26:49 UTC Aug 1 2014
Key name: Our-RSA-Keys.server
Temporary key
 Usage: Encryption Key
 Key is not exportable.
 Key Data:
  
! Allow only HTTPS Access  
R1(config)#no ip http server
R1(config)#ip http secure-server

! Password needed to access
R1(config)#ip http authentication local

! Create permitted host access list
R1(config)#ip access-list standard 5
R1(config-std-nacl)#permit host 10.1.0.25
R1(config-std-nacl)#permit host 192.168.1.129
R1(config-std-nacl)#deny any log
R1(config-std-nacl)#exit

! Apply Security Access list to access HTTPS
R1(config)#ip http access-class 5 
  
! Configure VTY Lines and Apply Security Access list
R1(config)#line vty 0 15
R1(config-line)#transport input ssh
R1(config-line)#login local
R1(config-line)#access-class 5 in
R1(config-line)#exit

! Set delay between successive failed login attempts (seconds)
R1(config)#login delay 5

! Slow down Brute-Force Attack
R1(config)#login block-for 30 attempts 3 within 60
*Note : More details about Login Here
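
One way to check a saved running-config against the settings configured above, as an added example that is not part of the original post. The `audit` function, the check tables and the sample config are constructed for illustration, and the patterns assume the commands appear in `show running-config` as they were typed above. It also handles the case where the vty lines are split into two ranges and only one of them was hardened.

```python
import re

# Constructed running-config (not from a real device); HTTP left on, vty 5-15 open.
SAMPLE = """\
service password-encryption
security passwords min-length 6
ip ssh version 2
ip http server
ip http secure-server
ip http access-class 5
login block-for 30 attempts 3 within 60
line vty 0 4
 access-class 5 in
 login local
 transport input ssh
line vty 5 15
 login local
 transport input telnet ssh
"""

# (regex, must_be_present, finding reported when the expectation fails)
GLOBAL = [
    (r"security passwords min-length \d+", True, "no minimum password length"),
    (r"service password-encryption", True, "password-encryption service off"),
    (r"ip ssh version 2", True, "SSH version 2 not enforced"),
    (r"ip http server", False, "plain HTTP server enabled"),
    (r"ip http access-class .+", True, "no ACL on the HTTP(S) server"),
    (r"login block-for \d+ attempts \d+ within \d+", True, "no login block-for"),
]
VTY = [
    (r"transport input ssh", "transport is not SSH-only"),
    (r"access-class \S+ in", "no inbound access-class"),
    (r"login local", "no local login"),
]

def audit(cfg):
    """Return findings for a running-config string; empty list means all passed."""
    top, blocks, cur = [], {}, None
    for line in cfg.splitlines():
        if line.startswith(" "):            # sub-command: keep only those under a vty block
            if cur is not None: cur.append(line.strip())
            continue
        cur = blocks.setdefault(line.strip(), []) if line.startswith("line vty") else None
        top.append(line.strip())
    hit = lambda pat, lines: any(re.fullmatch(pat, l) for l in lines)
    out = [msg for pat, want, msg in GLOBAL if hit(pat, top) != want]
    for name, sub in blocks.items():        # every vty range is checked separately
        out += [f"{name}: {msg}" for pat, msg in VTY if not hit(pat, sub)]
    return out
```

Calling `audit(SAMPLE)` reports the plain HTTP server and the two gaps on `line vty 5 15`; a config that matches the commands on this page returns an empty list.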